| CPC G06F 21/566 (2013.01) [G06F 8/71 (2013.01); G06F 21/562 (2013.01); G06F 21/563 (2013.01); G06F 21/567 (2013.01); G06F 21/568 (2013.01); G06F 2221/034 (2013.01)] | 14 Claims |
|
1. A method comprising:
identifying, by a content management system, a change set including change entries describing changes made at a client device to content contained in content items;
analyze, by the content management system, the change set based on one or more malware detection rules;
determining, by the content management system, a number of the change entries in the change set that satisfy at least one of the one or more malware detection rules;
based on the number of the change entries that satisfy at least one of the one or more malware detection rules, initiating, by the content management system, a scan of other change sets associated with the client device to determine whether the client device has malicious software;
during the scan of the other change sets associated with the client device, confirming, by the content management system, that the client device has the malicious software;
identifying, by the content management system, a target content item affected by the malicious software;
identifying, by the content management system, a first change entry in the other change sets corresponding to a first indication of the malicious software affecting the target content item; and
restoring, by the content management system, the target content item to a prior version predating the first change entry.
|